Account pre-registration callback fails

houmie · October 13, 2023, 10:19pm

1. The problem I’m having:

Caddy doesn’t seem to be able to request a certificate for my website.

2023/10/13 16:22:27.527 ^[[33mWARN^[[0m http.auto_https server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server {"server_name": "srvh1", "http_port": 80}
2023/10/13 16:22:38.384 ^[[31mERROR^[[0m        events.handlers.exec    background command failed       {"error": "exit status 1"}
2023/10/13 16:23:12.944 ^[[31mERROR^[[0m        http.acme_client        challenge failed        {"identifier": "*.kindlikeme.com", "challenge_type": "dns-01", "problem": {"type": "urn:ietf:params:acme:error:unauthorized", "title": "", "detail": "During secondary validation: Incorrect TXT record \"6yCBLQoaXyeAhrV9ynneHy1_iUcHoWvVWynAbGSAN5E\" found at _acme-challenge.kindlikeme.com", "instance": "", "subproblems": []}}
2023/10/13 16:23:12.945 ^[[31mERROR^[[0m        http.acme_client        validating authorization        {"identifier": "*.kindlikeme.com", "problem": {"type": "urn:ietf:params:acme:error:unauthorized", "title": "", "detail": "During secondary validation: Incorrect TXT record \"6yCBLQoaXyeAhrV9ynneHy1_iUcHoWvVWynAbGSAN5E\" found at _acme-challenge.kindlikeme.com", "instance": "", "subproblems": []}, "order": "https://acme-v02.api.letsencrypt.org/acme/order/1359097266/214836862586", "attempt": 1, "max_attempts": 3}
2023/10/13 16:23:12.945 ^[[31mERROR^[[0m        tls.obtain      could not get certificate from issuer   {"identifier": "*.kindlikeme.com", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "HTTP 403 urn:ietf:params:acme:error:unauthorized - During secondary validation: Incorrect TXT record \"6yCBLQoaXyeAhrV9ynneHy1_iUcHoWvVWynAbGSAN5E\" found at _acme-challenge.kindlikeme.com"}
2023/10/13 16:23:14.135 ^[[31mERROR^[[0m        tls.obtain      could not get certificate from issuer   {"identifier": "*.kindlikeme.com", "issuer": "acme.zerossl.com-v2-DV90", "error": "account pre-registration callback: decoding API response: invalid character '<' looking for beginning of value"}
2023/10/13 16:23:14.135 ^[[31mERROR^[[0m        tls.obtain      will retry      {"error": "[*.kindlikeme.com] Obtain: account pre-registration callback: decoding API response: invalid character '<' looking for beginning of value", "attempt": 1, "retrying_in": 60, "elapsed": 46.055265705, "max_duration": 2592000}
2023/10/13 16:42:06.367 ^[[33mWARN^[[0m exiting; byeee!! 👋     {"signal": "SIGTERM"}
2023/10/13 16:42:21.989 ^[[33mWARN^[[0m admin   admin endpoint disabled

Using latest caddy 2.7.5.

I will provide more details a bit later, I’m at the airport. lol
Thank you
Houman

matt · October 13, 2023, 11:30pm

Do you have any dangling DNS records that didn’t get cleaned up perhaps?

houmie · October 14, 2023, 6:49pm

Hello Matt,

Sorry for the delay. I finally landed and got access to the internet.

I was at first testing with a different domain name, quite a lot, and got this error:

2023/10/13 15:36:39.380 ^[[33mWARN^[[0m http.auto_https server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server {"server_name": "srvh1", "http_port": 80}
2023/10/13 15:36:41.453 ^[[31mERROR^[[0m        tls.obtain      could not get certificate from issuer   {"identifier": "*.retracted.uk", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "HTTP 429 urn:ietf:params:acme:error:rateLimited - Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: *.retracted.uk, retry after 2023-10-13T23:40:06Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/"}

So I tried to continue my tests with the other domain name that I pasted the log earlier today. Both use the same CloudFlare Api token. Hence maybe because the first domain was locked due rate limit the second domain is affected as well?

I could do a resinstall to test it again. But I was wondering if it’s possible to test it as it is by restarting Caddy, in hope that it would now obtain the certification. Afterall it has been 24 hours since I tried last time.

Restarting caddy gives me a bizarre error:

2023/10/14 18:31:30.698 ^[[31mERROR^[[0m layer4 handling connection {"remote": "185.1xx.x.xx:38890", "error": "dial tcp 127.0.0.1:6443: connect: connection refused"}

Maybe I need to delete everything under /var/lib/caddy/.local/share/caddy ?

Thank you,
Houman

francislavoie · October 14, 2023, 6:52pm

Please fill out the help topic template, as per the forum rules. We’re lacking some context here, you haven’t shared your config nor how you installed Caddy.

system · November 13, 2023, 6:52pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.